Hi @Leobel_Izquierdo and @javiertc
The steps to implement it would be like below;
-
First, generate a token to handle the group quota.
-
Then generate the client tokens (mobile, web etc).
-
Next, add the group token as metadata to each client token.
-
Create a “dynamic” api that uses an advanced url rewrite(Looping) to take a “target”, and “path” querystring or header variable and uses those to build the rewrite. This makes the cost of another call minimal.
-
Each api that needs to handle the group quota needs to:
Replace the auth header with the group key, redirect the request using a URL rewrite(looping) to the “dynamic” api with the correct target and path variables.
The request will be authorized in trip 1, but the quota only applied to the group token in trip 2. Essentially providing a “grouped” quota.
Thank you once again.